Ruby WEBrick Escape Sequence Injection - Ruby Forum

2010

10 January 2010

Event

N/A

What

Ruby-forum

ruby-forum webrick escape-sequence injection vulnerability patch

On January 10, 2010, the Ruby-Forum.com technical forum published a security advisory describing an escape sequence injection vulnerability in WEBrick, the HTTP server shipped in Ruby's standard library. In the post, author Urabe_S credits the discovery to Giovanni “evilaliv3” Pellerano, Alessandro “jekil” Tanasi, and Francesco “ascii” Ongaro. The flaw is that WEBrick wrote attacker-supplied request data to its log files without escaping terminal control characters, so a crafted request could plant escape sequences that a terminal emulator would interpret later, when an administrator viewed the log. Patched releases for every maintained Ruby branch followed the advisory, a measure of the impact of the discovery credited in part to Ongaro.
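The bug class the advisory describes, shown as an added example that is not code from the Ruby-Forum post or from WEBrick itself: a request path carrying raw terminal escape sequences is interpolated into an access-log line unchanged, and the same line is produced by a logger that escapes control characters first. The sample request, the method names and the log format are constructed for illustration and are not WEBrick's own.

```ruby
# Added example (not from the Ruby-Forum post or from WEBrick).
# Shows escape sequence injection into a server log and one way to neutralise it.

# Constructed attacker-controlled path: "\e[2J" clears the terminal screen and
# "\e]0;...\a" rewrites the terminal window title when the log is cat'ed.
MALICIOUS_PATH = "/index.html\e[2J\e]0;pwned\a"

# Vulnerable behaviour (hypothetical logger): request data goes into the log as-is.
def vulnerable_log_line(remote_addr, method, path, status)
  "#{remote_addr} \"#{method} #{path} HTTP/1.1\" #{status}"
end

# Hardening: rewrite every control character (0x00-0x1F, 0x7F) as \xNN, and
# double backslashes so the escaped form cannot be confused with a literal one.
def escape_for_log(str)
  str.gsub(/[[:cntrl:]\\]/) { |c| c == "\\" ? "\\\\" : format("\\x%02X", c.ord) }
end

# Hardened behaviour: escape each attacker-influenced field before logging.
def safe_log_line(remote_addr, method, path, status)
  "#{remote_addr} \"#{escape_for_log(method)} #{escape_for_log(path)} HTTP/1.1\" #{status}"
end

# Detection: flag log lines that still contain bytes a terminal would interpret.
def contains_control_chars?(line)
  !!(line =~ /[[:cntrl:]]/)
end

# Scan a list of already-written log lines and return the 1-based indices that
# carry control characters (useful for checking logs written before a fix).
def scan_log(lines)
  lines.each_with_index.select { |l, _| contains_control_chars?(l) }.map { |_, i| i + 1 }
end

# Constructed sample log: one benign line, one injected line.
SAMPLE_LOG = [
  vulnerable_log_line("10.0.0.5", "GET", "/robots.txt", 200),
  vulnerable_log_line("10.0.0.9", "GET", MALICIOUS_PATH, 404),
]

if __FILE__ == $0
  puts "vulnerable: #{vulnerable_log_line('10.0.0.9', 'GET', MALICIOUS_PATH, 404).inspect}"
  puts "hardened:   #{safe_log_line('10.0.0.9', 'GET', MALICIOUS_PATH, 404)}"
  puts "injected lines in sample log: #{scan_log(SAMPLE_LOG).inspect}"
end
```

Escaping at the point where the data is formatted, rather than when the log is read, is the right place for the fix: every consumer of the log (terminals, log shippers, dashboards) then sees only printable ASCII plus an unambiguous `\xNN` form.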

Archived PDF document